If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Hello Guest,Our records indicate that you have never posted to our site before! Why not make your first post today by saying hello to our community in our Introductions forum.

Please review the forums rules, start with your first post today and become an active part of petri.co.il forums now!

You would have to configure a GPO for IE setting, however you can't block sites. You can however configure IE via GPO's to allow certain sites by configuring the Content Advisor. Take a look at this article here:

If you need more granularity in with the ability to block sites you will have to look a some type of proxy server. ISA 2006 is good especially if you are a microsoft shop. Websense is another on.

For the blocking of file uploads especially through like bit torrents or via IM you have your work cut out. Traditional firewalls have a hard time blocking that stuff because the ports for those types of programs tunnel through ports that are already open on the firewall. I would like a some type of Intrusion Prevention System or Layer 7 firewall. Again ISA 2006 is a good canidate.

Comment

I just did this at work without using ISA - I just made a GPO for one user, and in Internet Explorer Maintenance configured the proxy to redirect all http requests to 127.0.0.1. Then I added the websites that I wanted allowed in the exceptions list.

So far it's working well. Note that the limitation is that the exception list can't be very big (depending on your version of Win Server 2k3, I think SP2 allows 2048 characters in the exceptions list).

Cheers

Comment

I just did this at work without using ISA - I just made a GPO for one user, and in Internet Explorer Maintenance configured the proxy to redirect all http requests to 127.0.0.1. Then I added the websites that I wanted allowed in the exceptions list.

So far it's working well. Note that the limitation is that the exception list can't be very big (depending on your version of Win Server 2k3, I think SP2 allows 2048 characters in the exceptions list).

Cheers

Well I don't think that really helps people who need to block only a few particular sites though.

VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

Comment

One specific reason as to why the traditional firewalls are not able to block uploads and P2P traffic is they work at Layer 3 level while devices like ISA 2006 and Websense work at layer 7 level. So thats the reason why we can allow users to access Gmail but disable the same Gtalk app which runs inbuilt in Gmail Window.

Comment

Gepeto and Wiredteknologies solutions work but only in a small environment. This would get insanely cumbersome to manage and doesn't scale very well. Better to go with an enterprise solution if it is possible.

Ryan

Comment

Yes definitely. I am definitely not recommending that someone use these solutions when you can get very inexpensive proxy servers for SMB. For enterprise, I don't even think the original poster would be asking about doing this using GPOs